[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: iPlanet Directory migration into OpenLDAP

On Tue, 2003-09-09 at 06:57, Michael Ströder wrote:
> Lloyd H. Meinholz wrote:
> > I am dumping the data from
> > Directory Server into an ldif file. I am having is with the passwords.
> Should be compatible.

Doesn't seem to be. I used the java gui ldapbrowser to export the ldif
from iPlanet and then to import it into openldap. I've tried
authenticating to the openldap server and it doesn't work.
> > I've been searching and can't seem to figure out how to get the
> > passwords converted into a form OpenLDAP can deal with.
> You can just re-use the values of attribute 'userPassword' in OpenLDAP.

I do have userPassword in both schema's. What's weird is that after I've
imported the iPlanet ldif into openldap, the userPassword field is of
type BINARY (46b). I have no idea what this means and I can't seem to
change it. I have the password hash set to {SSHA} in slapd.conf and
can't seem to find another setting that resembles BINARY (46b)...

> If passwords are hashed (e.g. {SSHA}) you are stuck with LDAP simple bind 
> since most SASL mechs (e.g. DIGEST-MD5) need the passwords in clear-text.
> Ciao, Michael.

Thanks for the response,